Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy

Share This Post

Google has announced the general availability of client-side encryption (CSE) for Gmail and Calendar, months after piloting the feature in late 2022.

The data privacy controls enable “even more organizations to become arbiters of their own data and the sole party deciding who has access to it,” Google’s Ganesh Chilakapati and Andy Wen said.

To that end, users can send and receive emails or create meeting events within their organizations or to other external parties in a manner that’s encrypted “before it reaches Google servers.”

The company is also making available a decrypter tool in beta for Windows to decrypt client-side encrypted files and emails exported via its Data Export tool or Google Vault. macOS and Linux versions of the decrypter are expected to be released in the future.

The development follows the rollout of CSE to other products such as Google Drive, Docs, Slides, Sheets, and Meet.

The solution, the tech behemoth said, is aimed at reducing the “burden of compliance” for enterprises and public sector organizations, ensuring that no third-party, including Google, can access confidential data.

The feature is globally available to Workspace Enterprise Plus, Education Standard, and Education Plus customers. It does not extend to personal Google Accounts.

It once again bears repeating that client-side encryption is different from end-to-end encryption (E2EE), as Google Workspace users with super administrator privileges can toggle the setting on/off and have control over the encryption keys created.

Are your security controls ? effective? Join us for our upcoming webinar and find out how to prevent zero-day security events from unknown files.

It’s also different from Pretty Good Privacy (PGP), which also provides the benefits of CSE via public-key cryptography but requires users to exchange keys with each party first before sending an email. To add to the complexity, it passes the burden of creating and managing the keys to the users.

The integration of CSE to Gmail is the newest addition after Google launched a confidential mode to help protect sensitive information from unauthorized access when sending messages and attachments.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

The Hacker News

Read More

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.
Article

BFU – Seeing is Believing

Oh no, the device is in BFU. This is the common reaction; a device needs extracting, and you find it in a BFU state. Often, there’s an assumption that a BFU extraction will only acquire basic information, but that isn’t always the case.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .